This is an issue that has been with us for a while. See:
https://bugs.openjdk.java.net/show_bug.cgi?id=100062http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7188845
for some background.
The original proposed patch goes to far in removing most of the
infrastructure for restricting crypto levels and signing of crypto
jars.
The following simple webrev will achieve what I think is needed:
http://cr.openjdk.java.net/~andrew/100062/webrev.01/
allowing OpenJDK to be built with the unlimited rather than limited
crypto policy in place.
The build is only altered if both an OpenJDK build is being performed
and UNLIMITED_CRYPTO is defined. In this case, the install-unlimited
rule is used to install policies. Without UNLIMITED_CRYPTO being set,
OpenJDK builds still depend on install-limited as now.
I believe this is a fairly unintrusive change which should allow GNU/Linux
distros to ship without crypto restrictions while still using upstream
OpenJDK rather than a variant with several classes removed.
It's not clear to me why this approach wasn't taken before, so I hope I haven't
missed something.
If this looks ok, I'll push it as the resolution for bug 7188845.
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07